The American Civil Liberties Union wants to help Microsoft challenge government gag orders that prevent it from telling its customers when it receives warrants for their information.Microsoft sued the Justice Department in April, claiming that the government s demands for silence were unconstitutional.The company said that Outlook.com and Office365 were the products most often targeted by the Justice Department, adding that it received 2,576 requests for customer data accompanied by a gag order between September 2014 and March 2016.The civil rights non-profit says Microsoft welcomed its intervention, and argued that it is directly impacted by the case because it uses Microsoft products.The government has managed to circumvent this critical protection in the digital realm for decades, but Microsoft s lawsuit offers the courts an opportunity to correct course.The Justice Department often issues its requests for data under a 30-year-old law called the Electronic Communications Privacy Act ECPA , which allows for gag orders to be issued along with data requests.
I appreciate Google s focus on iOS and OS X apps, as I routinely use many of the company s services.Its recent introduction and announcement of four new apps that are or will be first for Apple platforms or released simultaneously with other is a terrific way to pull more people into its rich ecosystem.You can use end-to-end encryption in Allo by enabling what Google is oddly calling Incognito Mode, something that s typically used to refer to a browser feature in which cookies, history, and other signals engaged in during a session are discarded when the mode is disengaged.Google s privacy policy also more broadly says it will share personal information if it s reasonably necessary for a few different circumstances, including to detect, prevent, or otherwise address fraud, security or technical issues and protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.The Stored Communications Act SCA in the U.S. generally protects us against disclosure except in limited cases, and someone suing you can t simply subpoena Google for your Allo messages or Gmail or any stored online data .Chris Soghoian, a security researcher of some renown who works at the ACLU, noted on Twitter, The FBI stopped asking for backdoors a while back.
And another team of researchers proved that it s possible to hide a hackable backdoor in a processor that consists of only one single, microscopic component out of a billion.In total, the collection of breached passwords for sale has now risen to 642 million—not a number the information security industry can be proud of.Just when the week of megabreaches seemed at an end, breach-monitoring service Leaked Source discovered an apparently hacked collection of as many as 127 million accounts, including hashed passwords, from the UK-based social networking service Badoo.In early May, the FBI filed a proposal to create an exemption in the Privacy Act for its so-called Next Generation Identification System, a collection it s building of biometric data from more than 70 million criminal records and 38.5 civil ones, including state motor vehicles departments, visa applications and welfare screenings.A group of 45 civil society groups issued an open letter opposing the move, including the ACLU, the Electronic Frontier Foundation, Amnesty International and even Lyft and Uber.It only works within a simulated Siemens control system environment, and it s been given a cool-sounding name: Irongate.
Entries in the database are coded according to threat level to provide law enforcement with instructions on what to do when they encounter a suspected terrorist who is on the list.According to a 2005 inspector general report .pdf , of some 110,000 records in the database that the IG reviewed, 75 percent of them were given handling code 4, considered the lowest level, and 22 percent were given handling code 3.Instead of a watch list limited to actual, known terrorists, the government has built a vast system based on the unproven and flawed premise that it can predict if a person will commit a terrorist act in the future, Hina Shamsi, head of the ACLU s National Security Project, told The Intercept.On that dangerous theory, the government is secretly blacklisting people as suspected terrorists and giving them the impossible task of proving themselves innocent of a threat they haven t carried out.The only way you should get off the list is if they no longer believe you re a threat, Senator Lindsey Graham said during a Capitol Hill briefing after the Orlando shooting.They may try the dangle operation two or three times, and if he shows no genuine interest in activity, if he doesn t take the bait, then they say after a period of time, we ve got no reason to believe this person is something other than an angry young man … and they close the investigation.
Tor users in their local café -and pretty much anyone else looking for secure comms – that means you.On Tuesday 50 companies, including Google, PayPal, the TOR Project, Data Foundry, the rather unfortunately named Hide My Ass VPN, and the ACLU and EFF, urged Congress to block the Rule 41 change, saying it was an undemocratic decision and an issue that elected representatives needed to debate rather than usher in via the backdoor.Last month Senators Ron Wyden D-OR and Rand Paul R-KY tabled the Stopping Mass Hacking SMH Act to do just this."If this proposal passes, FBI agents will be able to demand the records of what websites you look at online, who you email and chat with, and your text message logs, with no judicial oversight whatsoever."In the event of a security emergency this can be granted weeks after the action by US courts who seldom turn down such applications.To add pressure the Electronic Frontier Foundation has released embeddable code for website operators to add that makes it easier to petition Congress on its noglobalwarrants.org website.
A proposal to expand the FBI s spying powers fell two votes shy in a Senate vote Wednesday, but the door is open for another vote soon.The Republican proposal, offered as an amendment to a spending bill, would allow the FBI to use national security letters under the Patriot Act to obtain people s internet browsing history and other communications information without a warrant during a terrorism investigation.The Senate voted 58-38 for the measure, but the Hill notes that Majority Leader Mitch McConnell changed his vote from yes to no, a procedural move that clears the way for him to bring it up again.Civil liberties groups and tech companies had opposed the amendment, which was introduced by Sens.Earlier this month, companies such as Google, Facebook and Yahoo, and groups such as the ACLU and Electronic Frontier Foundation signed a letter to lawmakers that read, in part: The new categories of information that could be collected using an NSL — and thus without any oversight from a judge — would paint an incredibly intimate picture of an individual s life.Democrats have accused Republicans of exploiting last week s Orlando mass shooting to push through unrelated legislation.The shooter had been investigated for terrorist ties.Republicans are pushing fake, knee-jerk solutions, Sen. Ron Wyden, D-Oregon reportedly said.The spending bill, called the Commerce, Justice, Science and Related Agencies Appropriations Act, is scheduled for a final vote in the Senate later this week, the EFF notes.Photo: A protester with the organization Code Pink wears giant glasses with the message Stop Spying in 2013.AFP/Getty Images Tags: fbi, legislation, national security letters, NSL, senate, spying, Surveillance
Senator John Cornyn R-TX has named the issue the FBI's top legislative priority and has tabled a further amendment to allow similar powers to law enforcement.— Ron Wyden @RonWyden June 22, 2016The FBI already has the ability to collect all this data under the Patriot Act, but it has to either go to a judge first or – in case of emergency – can collect it anyway and ask for retroactive permission, which is almost always granted.But in 2008, the government ruled the FBI had to go to a judge first, and since then the agency has been pushing back.Unless Congress votes to change the rules by December 1 then the change will come into effect.Senators Ron Wyden D-OR and Rand Paul R-KY introduced the Stopping Mass Hacking SMH Act to introduce a legislative change before the December 1 deadline, and tech firms like Google and PayPal as well as the Tor Project, the ACLU and EFF have sought to mobilize public support for the legislation.Earlier this week the senator was one of many Republicans who struck down legal proposals – also introduced in the wake of the Orlando shootings – which would have barred those on a terrorism watch list from purchasing firearms legally.
Towards that end, Airbnb has hired me to help them lead a 90-day review process to address discrimination issues.I will begin that process by spending the summer meeting with technology experts, civil rights leaders, housing advocates and members of the Airbnb community to solicit their ideas.Airbnb should be less focused on fixing one-off examples of individual discrimination than on understanding how the platform and underlying technology itself may contribute to possible systemic problems.That includes putting in policies and processes that will set the model for the industry and which will reflect the company s commitment to fighting discrimination and acting quickly if something goes wrong.The brilliant staff at Airbnb cannot make its way in this increasingly diverse world, unless they are a more diverse company and are active in communities that will support them in this effort.Laura W. Murphy recently retired as director of the ACLU s Washington Legislative Office after 17 years.
The Computer Fraud and Abuse Act limits online discrimination research, the group saysThe American Civil Liberties Union has filed a lawsuit challenging a 30-year-old hacking-crimes law, with the civil liberties group saying the law inhibits research about online discrimination.The ACLU on Wednesday filed a lawsuit challenging the Computer Fraud and Abuse Act on behalf of a group of academic researchers, computer scientists, and journalists.The CFAA limits online research because of its "overbroad criminal prohibitions," the ACLU said.The group of plaintiffs in the lawsuit want to investigate online discrimination in areas like housing and employment, "but they often can't," the ACLU said in a blog post.Courts have interpreted a provision of the CFAA prohibiting people from exceeding authorized access to a computer to include violations of website terms of service, the ACLU said.
In the case, known as Sandvig v. Lynch, the ACLU argues on behalf of First Look Media Works and four professors who want to deploy bots and fake profiles to study possible racial discrimination in online advertising for housing and employment.The researchers haven't been able to proceed because they're afraid of being sued or prosecuted under the Computer Fraud and Abuse Act CFAA .While examining such an important issue would be no problem in the analog world, the researchers argue that when it's done online, they may be violating the terms of service of the target websites and may run afoul of the CFAA.Nearly every such site explicitly prohibits scraping, crawling, and other similar tactics.Matthew Keys could face up to 25 years in prison after allegedly giving up CMS login.There have been a number of recent high-profile CFAA criminal prosecutions, including Matthew Keys, Chelsea Manning, and the late Aaron Swartz.
Filing claims the CFAA blocks online researchersThe American Civil Liberties Union ACLU says the US Computer Fraud and Abuse Act CFAA should be stricken for being unconstitutional.The civil rights group said in a filing PDF to the Washington, DC, District Court that the CFAA prevents researchers and whistleblowers from carrying out their work and violates both the free speech and due process clauses in the First and Fifth Amendments.The suit, Sandvig v Lynch, asks that the courts invalidate the law, which has been the basis for hacking and computer crime prosecutions since its enaction by Congress in 1986.According to the ACLU, the CFAA illegally prevents researchers from doing their jobs by restricting activities to those approved by a product's terms of service TOS .Because the Act counts violating a TOS as "unauthorized" access, the ACLU argues that companies are able to effectively write their own criminal laws with a TOS.
Facebook Messenger, the messaging app that has 900 million users, is testing end-to-end encryption.Facebook said Friday that it s doing limited testing of secret conversations in Messenger, joining other messaging services that provide users with secure communications that aren t meant to be accessed by anyone else, such as Facebook-owned WhatsApp, Apple s iMessage, Google s Allo and more.The conversations will be end-to-end encrypted and… can only be read on one device of the person you re communicating with, Facebook said in a blog post.That means the messages are intended just for you and the other person — not anyone else, including us.This also means law enforcement officials, some of whom have spoken out against the rise of encryption technology that they say makes their investigations harder.Messenger s secret conversations will be opt-in — users must turn on the feature — and the messages can be read on only one device.Facebook already is being criticized for not turning on encryption by default.Soghoian, of the ACLU, also echoed other sentiment that Facebook is bowing to FBI wishes.Facebook isn t alone in getting flak for choosing the opt-in route.Allo s encryption isn t enabled by default, either, and critics of Google s decision included Edward Snowden.Facebook says that for the encrypted messages, it s using the Signal Protocol developed by San Francisco-based nonprofit Open Whisper Systems.Above: Screenshots of Facebook Messenger s secret conversations Facebook Tags: Encryption, end-to-end encryption, facebook, messaging, Messenger
Facebook Messenger, the messaging app that has 900 million users, is testing end-to-end encryption.Facebook said Friday that it s doing limited testing of secret conversations in Messenger, joining other messaging services that provide users with secure communications that aren t meant to be accessed by anyone else, such as Facebook-owned WhatsApp, Apple s iMessage, Google s Allo and more.The conversations will be end-to-end encrypted and… can only be read on one device of the person you re communicating with, Facebook said in a blog post.That means the messages are intended just for you and the other person — not anyone else, including us.This also means law enforcement officials, some of whom have spoken out against the rise of encryption technology that they say makes their investigations harder.Messenger s secret conversations will be opt-in — users must turn on the feature — and the messages can be read on only one device.Facebook already is being criticized for not turning on encryption by default.Soghoian, of the ACLU, also echoed other sentiment that Facebook is bowing to FBI wishes.Facebook isn t alone in getting flak for choosing the opt-in route.Allo s encryption isn t enabled by default, either, and critics of Google s decision included Edward Snowden.Facebook says that for the encrypted messages, it s using the Signal Protocol developed by San Francisco-based nonprofit Open Whisper Systems.Above: Screenshots of Facebook Messenger s secret conversations Facebook Tags: Encryption, end-to-end encryption, facebook, messaging, Messenger
Dallas police used a bomb robot today to a kill a suspected gunman involved in the murder of five police officers and the wounding of seven others.The decision to kill the suspect using a robot armed with an explosive, was made after an hours-long standoff.Dallas police chief David Brown said, after negotiations broke down, the suspect and police officers exchanged gunfire.Although it s not new for police agencies to use robots, typically used for non-lethal force, it is new for cops to use a robot to kill a suspect.As robots become more sophisticated and potentially automated, using them as weapons will spark tricky legal and ethical issues for law enforcement.As a legal matter, the choice of weapon in a decision to use lethal force does not change the constitutional calculus, which hinges on whether an individual poses an imminent threat to others, and whether the use of lethal force is reasonable under the circumstances, Jay Stanley, a senior policy analyst at the ACLU, said in an email to Gizmodo.
On Thursday, a federal judge in New York delivered a crucial rebuke to the government s warrantless use of stingrays.In a 14-page opinion, the judge ruled that the government could not use its stingray to locate a drug suspect, asleep in his apartment.As a result of the ruling, the judge suppressed the evidence found in the man s bedroom—a kilogram of cocaine—likely effectively ending the case.In March 2016, a state appeals court in Maryland reached a similar finding, but this is believed to be the first federal ruling of its kind.As Ars has long reported, cell-site simulators—known colloquially as stingrays—can be used to determine a mobile phone s location by spoofing a cell tower.Once deployed, the devices intercept data from a target phone along with information from other phones within the vicinity.
Airbnb hasn t quite figured out how to keep its hosts from denying guests because of their race.But the company promises it s working on it — and it s brought in Eric Holder to help.The former U.S. attorney general has signed on to help Airbnb address wide-spread claims of racism that sparked the viral AirbnbWhileBlack hashtag, Airbnb CEO and co-founder Brian Chesky announced in a company blog post Wednesday.The news comes as Airbnb says it s halfway through a promised review of every aspect of the Airbnb platform.In an effort led by Laura Murphy, former head of the ACLU Washington, D.C. legislative office, the company is meeting with civil rights leaders and getting input from Airbnb employees.The goal is to create a stronger anti-discrimination policy, beef up unconscious bias training for hosts and hire new employees to sniff out issues.Airbnb hasn t unveiled any solutions in more detail, but it has created an email address where people can submit their ideas: [email protected] process isn t close to being over, but we want to be as transparent as possible along the way because I know we ve failed on that front previously, Chesky wrote.Over the last month, I have been reflecting on why we have been slow to address these problems.
Blocking people from shooting video of Beyonce on stage is one thing.Blocking people from shooting video of police behaving badly is quite another.More than 10,000 people have signed an online petition calling on Apple to keep one of its patented technologies out of the hands of police.Last month, Apple received a patent for a system that would allow a phone s photo and video functions to be disabled by infrared broadcasts from a transmitter.A transmitter can be located in areas where capturing pictures and videos is prohibited e.g., a concert or a classified facility , Apple s patent said.But news of the invention has sparked fear that it would be used in a drastically different kind of situation.Imagine: you re walking down the street when you see police officers slamming a woman to the ground, the petition says.They re exhibiting a shocking use of force — one officers sic pushes her face into the ground.Taking photos in public places is generally protected under the First Amendment.
Airbnb, the Silicon Valley home-sharing platform valued at up to $30 billion, has a discrimination problem.And we will require everyone who uses our platform to read and certify that they will follow this policy.Last month, an Airbnb host in North Carolina reportedly canceled a guest s booking because she was black—and subsequently harassed her with racist and sexist messages.It hired David King III, a former State Department official, as its first head of diversity and belonging earlier in the year.In June, at the company s annual Open conference, Airbnb pledged to make tackling bias a priority, enlisting the help of former ACLU staffer Laura Murphy to conduct an internal review.Today s hiring of a former Obama administration official is just the latest in Airbnb s string of moves meant to visibly address its discrimination issues.
This case is separate from, but has remarkable similarities to, a pending case that was filed last month in Arizona by another woman, Ashley Cervantes.The team previously won a $1.1M settlement on her behalf to settle related claims filed against the University Medical Center of El Paso.Under the terms of the new settlement with the feds, the two ACLU organizations will send advisory letters to hospitals from San Diego to Houston, notifying them of their rights and responsibilities.Doctors and law enforcement officers are entrusted with the sacred responsibility of looking after our health and safety, and Ms. Doe s unspeakable ordeal represents an unforgivable violation of that trust, Terri Burke, executive director of the ACLU of Texas said in a Thursday statement.These atrocities were committed with our money and in our name, and it s not enough to hold those who committed them to account.We must also ensure that that every law enforcement officer and every hospital staff member understands the consequences of so intimately and egregiously violating someone s rights.
Illinois law enforcement authorities will need court approval to use cell phone trackers like StingRay that can sweep up data from innocent citizens, according to a new state law.There s a growing sense of awareness in the legislature that these privacy issues are really important, said Ed Yohnka, spokesman for the ACLU of Illinois.The new Citizen Privacy Protection Act requires law enforcement in most cases to obtain a warrant before using StingRay, a device capable of extracting information like location, contact lists, text messages and incoming and outgoing call data.The Illinois law will require police to delete this extraneous user data at least every 24 hours.Police say the technology is valuable because it can help pinpoint the location of a kidnapper or fugutive, for example.If police are tracking a particular suspect and they think they re inside of a certain home or apartment, they can track them pretty closely.
More

Top